Mercury Rising 鳯女

Politics, life, and other things that matter

Going Stasi: the Vigilante Project

Posted by Charles II on August 3, 2010

Glenn Greenwald writes about a post by Forbes writer Andy Greenberg as follows:

[Chet] Uber is the Executive Director of a highly secretive group called Project Vigilant, which, as Greenberg writes, “monitors the traffic of 12 regional Internet service providers” and “hands much of that information to federal agencies.” More on that in a minute. Uber revealed yesterday that Lamo, the hacker who turned in Manning to the federal government for allegedly confessing to being the WikiLeaks leaker, was a “volunteer analyst” for Project Vigilant; that it was Uber who directed Lamo to federal authorities to inform on Manning by using his contacts to put Lamo in touch with the “highest level people in the government” at “three letter agencies”; and, according to a Wired report this morning, it was Uber who strongly pressured Lamo to inform by telling him (falsely) that he’d likely be arrested if he failed to turn over to federal agents everything he received from Manning.

Greenberg:

He [Chet Uber] says the 600-person “volunteer” organization functions as a government contractor bridging public and private sector security efforts. Its mission: to use a variety of intelligence-gathering efforts to help the government attribute hacking incidents….According to Uber, one of Project Vigilant’s manifold methods for gathering intelligence includes collecting information from a dozen regional U.S. Internet service providers (ISPs). Uber declined to name those ISPs, but said that because the companies included a provision allowing them to share users’ Internet activities with third parties in their end user license agreements (EULAs), Vigilant was able to legally gather data from those Internet carriers and use it to craft reports for federal agencies. A Vigilant press release says that the organization tracks more than 250 million IP addresses a day and can “develop portfolios on any name, screen name or IP address.”… its volunteer staff includes former NSA official Ira Winkler and Suzanne Gorman, former security chief for the New York Stock Exchange.

250 million IP addresses is, basically, everyone in the US.

Combine this organization with the wiretapping done by US government agencies, and you have a far more effective police state than ever existed in East Germany.

Added: Here is Project Vigilant(e)’s man. He looks to me as if he is on narcotics.
___________________________________
Added: Scott Horton had exactly the same reaction as I did, calling his post “Tales from StasiLand: The Internet Vigilantes,” and calls “astute” the following analysis from Glenn Greenwald:

There are serious obstacles that impede the Government’s ability to create these electronic dossiers themselves. It requires both huge resources and expertise. Various statutes enacted in the mid-1970s — such as the Privacy Act of 1974 — impose transparency requirements and other forms of accountability on programs whereby the Government collects data on citizens. And the fact that much of the data about you ends up in the hands of private corporations can create further obstacles, because the tools which the Government has to compel private companies to turn over this information are limited (the fact that the FBI is sometimes unable to obtain your “transactional” Internet data without a court order — i.e., whom you email, who emails you, what Google searches you enter, and what websites you visit – is what has caused the Obama administration to demand that Congress amend the Patriot Act to vest them with the power to obtain all of that with no judicial supervision).

But the emergence of a private market that sells this data to the Government (or, in the case of Project Vigilance, is funded in order to hand it over voluntarily) has eliminated those obstacles. As a result, the Government is able to circumvent the legal and logistical restrictions on maintaining vast dossiers on citizens, and is doing exactly that.

I’d call that astute, too.

11 Responses to “Going Stasi: the Vigilante Project”

  1. Ho. Lee. Crap.

    • Charles II said

      Well, yes.

      That’s what happens when you massively expand the national security state even as you turn over more and more of its functions to private contractors. You create a corporate security state, without even the pathetic bit of oversight that Congress gives to the NSA, DIA, FBI, and CIA.

      Let’s keep this in perspective. The Vigilante Project has 600 “volunteers,” which limits how much actual surveillance they can do. Since there’s no oversight or checks and balances on them, and they enjoy favored status with government, they could become 600,000, but that day is not today.

      Private corporations have been gathering data on Americans for decades. Massive databases have been created. My guess is that they are used for everything from marketing to wholesale blacklisting of people that the corporate state considers unreliable because they hold views that are sympathetic to unions, the environment or whatever else corporations fear.

      But it has gotten so completely out of control that there is nothing to be afraid of any more: the worst has already happened. Just as in East Germany, when you spy on everyone, the system breaks down. Everyone is guilty of something, so who are the state’s real enemies? In East Germany’s case, the real enemies of the state were… the state, which was doing nothing for the country except spying. That seems to be the route the United States is going down.

  2. Stormcrow said

    Read Richard Bejtlich’s take on Project Vigilant before you get too spun up about this.

    Project Vigilant Is a Publicity Stunt.

    I think “Project Vigilant” is largely a publicity stunt, meaning it was just invented and its so-called “history” is an extension of someone’s imagination. As we say on my team, “This ain’t my first rodeo.” In other words, I’ve been around for a while. While I recognize some of the “principals” in this “group,” I’ve never heard of them organized into a “project” — certainly not with over 500 stealthy members!

    He goes on to say …

    For the past 14 years, a significant volunteer group of U.S. citizens has been operating in near total secrecy to monitor and report illegal or potentially harmful activity on the Web.

    14 years? Please. If they have been active for 14 years, why does no one I’ve asked know who these guys are?

    The group claims over 500 current members, although their names and identities are still mostly secret. Their members comprise some of the most knowledgeable experts in the field of information security today and include current employees of the U.S. government, law enforcement and the military.

    Over 500 members? And they’ve been able to keep such good OPSEC that no one knows who they are?

    He concludes, after digging up enough dirt just from domain registrations alone to make Uber look like a total poseur …

    My guess is that Chet and friends are trying to jump-start a security company, so they make a big splash at Def Con and then try to hire a few people. What does anyone else think?

    This wouldn’t be the first time, either.

    Google search on “kimble schwartz yihat” for a blast from the past.

    • Avedon said

      Sounds right to me. The article exists because they wanted to announce themselves to the press. This is a PR operation, not exposure by a diligent reporter.

      • Ah, that would make sense. The idea of the Feds trusting nutbars to do their snooping did seem rather odd. Though it’s not exactly without precedent.

  3. Stormcrow said

    Though it’s not exactly without precedent.

    But the model the Feds seem to be working towards in information security space is a heavily centralized one. An arguable case could be made that they might do better to use China’s “militia” approach. But I don’t think that squares well with either Big Bux contracts to Beltway Bandit type consultancies or overt Armed Services (probably Air Force) control.

    Everything I’ve read about the present power struggle in DC over this issue suggests one of those two models will be the way this plays out.

    I don’t think the FBI would be too pleased either, since they are working very hard to put the sort of folks the PRC would recruit (namely, blackhat cybercrooks), in jail.

  4. Charles II said

    Stormcrow, before dismissing this as a publicity stunt, I suggest you read the history of blacklisting (here’s a source). In the McCarthy period, blacklists were compiled by non-governmental sources, using publications like Red Channels and American Sentinel to harass and isolate an enormous number of people. The Church League of America, for example, turned over seven million index cards to Jerry Falwell. These blacklists continue to be compiled (David Horowitz does it openly) and government officials are infinitely gullible when it comes to databases. Whether they choose to have private contractors, private citizens, or government agents makes a difference. The use of government employees installs checks and balances through congressional oversight and through FOIA, as well as by providing some guarantee that the list won’t leak out and be used for private ends. If contractors or private citizens are employed, there are no rules.

    This may be a promotional stunt for a security firm. But it also represents a threat to civil liberties. The inclusion of a former NSA official is particularly troubling.

    • Also, the ACLU did a 2004 report on how snooping, like everything else, has been privatized.

    • Stormcrow said

      Given the road the Feds are traveling, in this one particular area, Project Vigilant doesn’t look like either a medium or high intensity threat to me.

      The Feds are going to centralize this, if they go there at all, for several reasons.

      (1) Otherwise, they lose all hope of controlling the direction this goes. And they’re already paying the geometrically increasing costs of their neglect of that, over the last 20 years and counting.

      (2) What you’re talking about here is what I call “driftnet” intel collection. Grab everything, and sift it out later.

      Driftnet methods of intel collection must be centrally controlled if they’re not to unravel into patchworks that miss essential pieces. The government knows this and the last 15 years of FBI and NSA electronic surveillance reflects that knowledge. Examples aren’t hard to come by. Echelon and Carnivore come to mind immediately.

      I think they’re a bloody stupid waste of time anyway, today, because of scaling failure. Not enough analysts. Never enough analysts. But the only way they can even be attempted is with a centralized control model.

      • Charles II said

        You seem to be working under the assumption that the goal of domestic intelligence is to track down terrorists.

        The history suggests that one major goal, and probably the principal goal, is to suppress domestic dissent.

        For that, you hardly care about what is gathered, as long as people know they are being watched.
